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REMARKS 

Claims 1, 2, 4, 6-34, 36, and 38-67 are pending and under consideration in this 
application. Claims 68 and 69 are canceled herein without prejudice or disclaimer Further 
reconsideration is requested based on the foregoing amendment and the following remarks. 

Response to Arguments: 

The Applicants appreciate the consideration given to their arguments. The Applicants, 
however, are disappointed that their arguments were not found to be persuasive. The Office 
Action asserts in section 35, at page 11, lines 12-15, that: 

Examiner maintains that the Howard reference teaches on the claim limitation of 
estimating the legality of an access request" as taught by Howard in column 7, 
line 66 -- column 8, line 20. Howard teaches the evaluation of a string that is 
being sent from a client to a server location to determine if the string contains an 
attack pattern. 

But a string containing an attack pattern cannot be a legal request for access. Thus T to 
assert that Howard shows estimating the "legality of an access request" is submitted to be 
without basis. 

The Office Action asserts further in section 35, at page 11 , lines 15-18, that: 

if an attack pattern is found the string can be identified as a string containing an 
attack pattern and remedial actions may be performed, for example, to block the 
string from being received at the server 

Here, again, if Howard is blocking a string being received at the server, the string cannot 
be a legal request for access. Thus, to assert that Howard shows estimating the "legality of an 
access request" is submitted to be without basis. 

The Office Action goes on to assert in section 35, at page 10, lines 19-22, continuing at 
page 12, lines 1 and 2, that; 

Regarding that to which is claimed by applicants, legality of an access request is 
best understood given broadest reasonable interpretation, the access request 
being a message being sent to a server from a client device wherein legality of 
the message is understood as the determination of whether or not a message 
should or should not be allowed to be forwarded to a server. 

Determining whether or not a message should or should not be allowed to be forwarded to a 
server, however, only amounts to screening the message. No estimate of the legality of the 
messages is performed in Howard, Rather, in Howard, if a message matches an illegal search 
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string it is deemed to be illegal. The fact that a message does not match an illegal search string 
leads to no estimate of the legality of the message. Rather, the message is simply forwarded to 
the server without comment. The third clause of claim 1 , in contrast, recites, "a pattern 
estimation unit which estimates legality of an access request based on the illegal access 
patterns stored in the illegal pattern database and on a predetermined pattern estimation rule/' 

The Office Action goes on to assert in section 35, at page 12, lines 2-6, that: 

This interpretation is based on what is provided in the applicants' filed 
specification for example on page 13, lines 13-20. No real guidance is given 
within the claims as to what extent the term "estimation" is to be interpreted 
regarding scope. Therefore, what Howard teaches is deemed to be within the 
scope of the claimed limitation. 

The subject application describes at page 13, lines 13-20: 

Although not shown in Fig. 2, the illegal request DB 33 also stores a plurality of 
illegal command character strings each of which executes an arbitrary system 
command on the Web server 40. By storing the patterns of these command 
character strings in the illegal request DB 33, it is possible to protect the Web 
server 40 not only from an illegal access using a known attacking method but also 
an illegal access using an unknown attacking method. 

Howard describes no ability to protect a Web server from an illegal access using an unknown 
attacking method, as described in the specification, Howard, rather, compares an input search 
string to a database of known attack patterns. Even so, support for the third clause of claim 1 is 
not limited to that paragraph of the specification cited in the Office Action. As described further 
at page 13, lines 21 to 25, continuing at page 14, lines 1-5: 

By referring to the illegal request DB 33, the estimation section 32 estimates the 
legality of the HTTP request based on a predetermined estimation rule 32a. 
Specifically, if the HTTP request corresponds to any one of the illegal access 
patterns stored in the illegal request DB 33, the estimation section 32 estimates 
that the HTTP request is an illegal access. If the HTTP request does not 
correspond to any illegal access patterns stored in the illegal request DB 33, the 
estimation section 32 estimates that the HTTP request is a legal access. 

Howard, on the other hand, describes no estimation section 32 estimating the legality of an 
HTTP request based on a predetermined estimation rule 32a, let alone "a pattern estimation unit 
which estimates legality of an access request based on the illegal access patterns stored in the 
illegal pattern database and on a predetermined pattern estimation rule," as recited in the third 
clause of claim 1. 

The Office Action asserts in section 36, at page 12, lines 10-17, that: 

Howard teaches in column 7, line 66 - column 9, line 20 the evaluation of input 
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strings to determine the presence of input strings, Howard teaches in column 7, 
lines 24-30 the use of memory that contains one or more patterns that have been 
defined and make up a pattern collection. Therefore, in view of point (A) and what 
is further taught by Howard, Howard does teach on the claim limitation "a pattern 
estimation unit which estimates legality of an access request based on the illegal 
access patterns stored in the illegal pattern database and on a predetermined 
pattern estimation rule". 

To the contrary, Howard describes no "pattern estimation unit which estimates legality of an 
access request based on the illegal access patterns stored in the illegal pattern database and on 
a predetermined pattern estimation rule," as recited in the third clause of claim 1 . Howard, 
rather, is only determining whether or not a message should or should not be allowed to be 
forwarded to a server, Le, screening the message, as discussed above. Memory location 304, in 
particular, stores search patterns that the pattern matching engine 302 can use to evaluate an 
input string to determine whether it likely constitutes an attack on the server, Le, whether it is an 
illegal search string. In particular, as described at column 8, lines 24 to 34: 

In the FIG, 4 embodiment, input string screening tool 300 includes a pattern 
matching engine 302 and a memory location 304. Memory location 304 contains 
one or more patterns that have been defined and make up a pattern collection 
306, The patterns are stored in the memory location and are accessible to the 
screening tool for evaluating input strings. The pattern matching engine can 
retrieve one or more search patterns and use them to evaluate an input string to 
determine whether it likely constitutes an attack on the Web server. 

Howard needs no "pattern estimation unit which estimates legality of an access request 
based on the illegal access patterns stored in the illegal pattern database and on a 
predetermined pattern estimation rule," as recited in the third clause of claim 1 , for that Further 
reconsideration is thus requested. 

Claim Rejections - 35 U,S,(X § 103; 

Claims 1, 2, 4, 6-19, 26-30, 33, 34, 36, 38-51, 58-62, 65, 66, and 67 were rejected under 
35 U.S,C, § 103 as being unpatentable over U,S, Patent No, 7,051,368 to Howard et aL 
{hereinafter "Howard") in view of US 2003/0051026 to Carter et aL (hereinafter "Carter"), The 
rejection is traversed, Reconsideration is earnestly solicited. 

The third clause of ciaim 1 recites: 

A pattern estimation unit which estimates legality of an access request based on 
the illegal access patterns stored in the illegal pattern database and on a 
predetermined pattern estimation rule- 
Neither Howard nor Carter teach, disclose, or suggest estimating the legality of an 
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access request/' let alone "a pattern estimation unit which estimates legality of an access 
request based on the illegal access patterns stored in the illegal pattern database and on a 
predetermined pattern estimation rule/* as recited in claim 1. Howard, rather, screens input 
strings to identify strings that contain attack patterns that can be used to attack a Web server 
Attack patterns are not contained in legal access requests. In particular, as described at column 
1, lines 7-12: 

This invention relates to methods and systems for screening input strings that are 
intended for use by Web servers. In particular, the invention pertains to methods 
and systems for identifying input strings that contain attack patterns that can be 
used to attack a Web server, and, in some instances, reacting to the attack 
patterns once identified. 

Since Howard screens input strings to identify attack patterns that can be used to attack a Web 
server, Howard is not estimating legality of an access request based on the illegal access 
patterns stored in the illegal pattern database and on a predetermined pattern estimation rule," 
as recited in claim 1. 

Howard, furthermore, is screening input strings. In particular, as described at column 2, 
lines 14 and 15: 

Methods and systems of screening input strings that are intended for use by a 
Web server are described. 

Since Howard is screening input strings, Howard is not estimating the legality of an access 
request," as recited in claim 1. 

Furthermore, in Howard, an input string that is intended for use by a Web server is 
received and evaluated using the search pattern to ascertain whether an attack pattern is 
present. In particular, as described at column 2, lines 20-25: 

An input string that is intended for use by a Web server is received and evaluated 
using the search pattern to ascertain whether the attack pattern is present. If an 
attack pattern is found that matches the search pattern, then a remedial action is 
implemented. 

Since Howard evaluates an input string to ascertain whether an attack pattern is present, 
Howard is not estimating the legality of an access request," as recited in claim 1 . 

Finally, in Howard, an input string is evaluated using the search pattern to ascertain 
whether an attack pattern is present in particular, as described at column 8, lines 52-67: 

A Web server input string screening method comprising: 

determining an attack pattern that can be used to attack a Web server, the attack 

pattern comprising content that is determined as constituting one or more of a 
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disclosure attack or an integrity attack on the Web server, 

defining a search pattern that can be used to detect the attack pattern, the search 

pattern being defined in a manner that permits variability among its constituent 

parts; 

receiving an input string that is intended for use by a Web server; 
evaluating the input string using the search pattern to ascertain whether the 
attack pattern is present; and 

implementing a remedial action if an attack pattern is found that matches the 
search pattern. 

Since Howard evaluates an input string to ascertain whether an attack pattern is present, 
Howard is not estimating the "legality of an access request/' as recited in claim 1 . 

Carter is not estimating legality of an access request based on the illegal access 
patterns stored in the illegal pattern database and on a predetermined pattern estimation rule" 
either, and thus cannot make up for the deficiencies of Howard with respect to claim 1 in any 
case. Thus, even if Howard and Carter were combined as proposed in the Office Action, claim 1 
would not result. 

The fifth clause of claim 1 recites: 

A transmission unit which controls transmission of the access request based on 
the determination result of the pattern determination unit so as to transmit the 
access request to the server when the access request is estimated to be legal. 

Neither Howard nor Carter teach, disclose, or suggest transmitting "the access request to 
the server when the access request is estimated to be legal," let alone "a transmission unit which 
controls transmission of the access request based on the determination result of the pattern 
determination unit so as to transmit the access request to the server when the access request is 
estimated to be legal," as recited in claim 1 . No estimate is made in Howard of the legality of an 
access request," as discussed above. Howard, rather, processes any input string as long as 
there are no attack patterns present in the input string. In particular, as described at column 7, 
lines 36-45: 

Step 206 receives an input string from the client that is intended for use by the 
Web server, and step 208 evaluates the input string using one or more of the 
search patterns. Step 21 0 determines whether any of the attack patterns are 
present in the input string. An attack pattern is present if a match is found for the 
search pattern in the input string. If there are no attack patterns present in the 
input string, then step 212 processes the input string or request that is associated 
with the input string. 

Since Howard screens input strings to identify attack patterns that can be used to attack a Web 
server, Howard is not transmitting "the access request to the server when the access request is 
estimated to be legal," as recited in claim 1 . 
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Howard, furthermore, implements a remedial action if an attack pattern is identified to be 
associated with the input string. In particular, as described at column 7, lines 47-51 : 

If, on the other hand, there is an attack pattern that is identified to be associated 
with the input string (Le* an attack pattern is found in the input string that matches 
the search pattern), then step 214 implements a remedial action. 

Since Howard implements a remedial action if an attack pattern is identified to be associated 
with the input string, Howard is not transmitting "the access request to the server when the 
access request is estimated to be legal/' as recited in claim 1. 

Howard, finally, denies a request that is associated with the input string having an attack 
pattern, Howard does not mention treatment accorded any input string that has no attack 
patterns present in the input string. In particular, as described at column 7, lines 51-58: 

Remedial actions can be any actions that are associated with minimizing or 
eliminating the effect that an attack pattern can have on the Web server. In but 
one example, this can include denying a request that is associated with the input 
string. For example, in the case of an input string that is a URL, this could mean 
returning an error message to the client to the effect that the request could not be 
executed. 

Since Howard denies a request that is associated with the input string having an attack pattern, 
Howard is not transmitting "the access request to the server when the access request is 
estimated to be legal," as recited in claim 1 

Carter is not transmitting "the access request to the server when the access request is 
estimated to be legal, 3 ' either, and thus cannot make up for the deficiencies of Howard with 
respect to claim 1 in any case. Thus, even if Howard and Carter were combined as proposed in 
the Office Action, claim 1 would not result. 

The sixth and seventh clauses of claim 1 recite: 

The pattern estimation unit calculates a predetermined estimation value 
according to a degree of correspondence of the access requests to the illegal 
access patterns stored in the illegal pattern database; and 
the pattern determination unit compares the estimation value calculated by the 
pattern estimation unit with a predetermined threshold value, and determines 
whether the access request is to be transmitted to the server. 

Neither Howard nor Carter teach, disclose, or suggest calculating "a predetermined 
estimation value according to a degree of correspondence of the access requests to the illegal 
access patterns stored in the illegal pattern database," or comparing "the estimation value 
calculated by the pattern estimation unit with a predetermined threshold value," to "determine 
whether the access request is to be transmitted to the server." 
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The Office Action acknowledges in section 10, in the first full paragraph at page 5, that: 

Howard does not explicitly teach of wherein the pattern estimation unit calculates 
a predetermined estimation value according to a degree of correspondence of the 
access requests to the illegal access patterns stored in the illegal pattern 
database; and the pattern determination unit compares the estimation value 
calculated by the pattern estimation unit with a predetermined threshold value, 
and determines whether the access request is to be transmitted to the server 

The Office Action attempts to compensate for this deficiency of Howard by combining 
Howard with Carter 

Carter, however, is not calculating "a predetermined estimation value according to a 
degree of correspondence of the access requests to the illegal access patterns stored in the 
illegal pattern database," or comparing "the estimation value calculated by the pattern estimation 
unit with a predetermined threshold value," to "determine whether the access request is to be 
transmitted to the server/' either, and thus cannot make up for the deficiencies of Howard with 
respect to claim 1 . In Carter, rather, if the system could not recognize an occurrence which 
threatened the network's security by consulting its knowledge base, the system would draw 
comparisons to prior occurrences to infer appropriate countermeasures. In particular, as 
described in paragraph [0006]: 

The system monitors network operations to detect occurrences which threaten 
the network's security. The system would attempt to recognize these occurrences, 
by consulting its knowledge base, to determine the correct response. If the 
occurrence is not recognized, the system would preferably have the additional 
capability of drawing comparisons to prior occurrences to infer appropriate 
countermeasures. 

Since, in Carter, if the system could not recognize an occurrence which threatened the network's 
security by consulting its knowledge base, the system would draw comparisons to prior 
occurrences to infer appropriate countermeasures, Carter is not calculating "a predetermined 
estimation value according to a degree of correspondence of the access requests to the illegal 
access patterns stored in the illegal pattern database," or comparing "the estimation value 
calculated by the pattern estimation unit with a predetermined threshold value," to "determine 
whether the access request is to be transmitted to the server," as recited in claim 1 . 

Nor is the threshold function described in paragraph [0447] of Carter a "predetermined 
threshold value," as recited in claim 1. The threshold function in Carter, rather, is the argument 
of a neuron's activation function, as described in [0449]: 

[0449] The Activation Function, denoted by <P k determines the output Y k of neuron 
k. The value of the Threshold Function v k is the argument of the Activation 
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Function <tv The Activation Function <t> may assume a variety of forms. The 
flexibility in the forms of <t> enables the Neural Network to more efficiently learn 
knowledge of greater complexity. 

The activation function, in turn, limits the amplitude of the neuron's output, as described 
at paragraph [0443]: 

[0443] An activation function limits the amplitude of a neuron's output The 
activation function is also referred to as a squashing function in that it squashes 
(limits) the permissible amplitude range of the output signal to some finite value. 

Since the threshold function in Carter is the argument of a neuron's activation function, 
and the activation function limits the amplitude of the neuron's output, Carter is not comparing 
"the estimation value calculated by the pattern estimation unit with a predetermined threshold 
value/' to "determine whether the access request is to be transmitted to the server," as recited in 
claim 1 . Thus, even if Howard and Carter were combined as proposed in the Office Action, 
ciaim 1 would not result. 

Finally the Office Action provides no motivation or suggestion to combine the teachings 
of Howard and Carter as required by 35 U.S.C. § 103(a) and the M,RE.P. §706,02(j)(D), beyond 
an assertion that "(o)ne of ordinary skill in the art at the time of the invention would have been 
motivated to make the above mentioned modifications for the reasons discussed in Carter 
wherein Carter teaches the ability to expand the knowledge base with information relating to 
unanticipated events is desirable in a network system," 

Access requests, however, and particularly legal access requests, are not unanticipated 
events in a network system. Thus, even if Carter taught the desirability of expanding a 
knowledge base with information related to unanticipated events, Carter would still not provide 
any reason at all to include a pattern estimation unit which estimates legality of an access 
request based on the illegal access patterns stored in the illegal pattern database, as recited in 
claim 1 Claim 1 is submitted to be allowable. Withdrawal of the rejection of claim 1 is earnestly 
solicited. 

Claims 2, 4, 6-19, and 26-30 depend from claim 1 and add further distinguishing 
elements. Claim 2, 4, 6-19, and 26-30 are thus also submitted to be allowable. Withdrawal of 
the rejection of claim 2, 4, 6-19, and 26-30 is also earnestly solicited. 

Claims 33, 34, 36 t 38-51, and 58-62: 
The second clause of claim 33 recites: 

A pattern estimation unit which estimates legality of an access request based on 
the illegal access patterns stored in the illegal pattern database and on a 
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predetermined pattern estimation rule. 

Neither Howard nor Carter teach, disclose, or suggest "a pattern estimation unit which 
estimates legality of an access request based on the illegal access patterns stored in the illegal 
pattern database and on a predetermined pattern estimation rule," as discussed above with 
respect to the rejection of claim 1 . 

The fourth clause of claim 33 recites: 

Controlling transmission of the access request based on determination result of 
the pattern determination step so as to transmit the access request to the server 
when the access request is estimated to be legal. 

Neither Howard nor Carter teach, disclose, or suggest "controlling transmission of the 
access request based on determination result of the pattern determination step so as to transmit 
the access request to the server when the access request is estimated to be legal," as also 
discussed above with respect to the rejection of claim 1 . 

The fifth and sixth clauses of claim 33 recite: 

The pattern estimation step includes calculating a predetermined estimation value 
according to a degree of correspondence of the access requests to the illegal 
access patterns stored in the illegal pattern database; and 
the pattern determination step includes comparing the estimation value calculated 
in the pattern estimation step with a predetermined threshold value, and 
determining whether the access request is to be transmitted to the server 

Neither Howard nor Carter teach, disclose, or suggest calculating "a predetermined 
estimation value according to a degree of correspondence of the access request and the illegal 
access patterns stored in the illegal pattern database," or comparing "the estimation value 
calculated by the pattern estimation unit with a predetermined threshold value," to "determine 
whether the access request is to be transmitted to the server," as discussed above with respect 
to the rejection of claim 1 Thus, even if Howard and Carter were combined as proposed in the 
Office Action, claim 33 would not result. Claim 33 is submitted to be allowable for at least those 
reasons discussed above with respect to the rejection of claim 1 . Withdrawal of the rejection of 
claim 33 is earnestly solicited. 

Claims 34, 36, 38-51, and 58-62 depend from claim 33 and add further distinguishing 
elements. Claims 34, 36, 38-51 , and 58-62 are thus also submitted to be allowable. Withdrawal 
of the rejection of claims 34, 36, 38-51 , and 58-62 is also earnestly solicited. 

Claim 65: 

The second clause of claim 65 recites: 
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Estimating legality of an access request based on the illegal access patterns 
referred to and on a predetermined pattern estimation rule. 

Neither Howard nor Carter teach, disclose, or suggest "estimating legality of an access 
request based on the illegal access patterns referred to and on a predetermined pattern 
estimation rule/' as discussed above with respect to the rejection of claim 1 . 

The fourth clause of claim 65 recites: 

Controlling transmission of the access request based on determination result of 
the pattern determination step so as to transmit the access request to the server 
when the access request is estimated to be legal 

Neither Howard nor Carter teach, disclose, or suggest "controlling transmission of the 
access request based on determination result of the pattern determination step so as to transmit 
the access request to the server when the access request is estimated to be legal," as also 
discussed above with respect to the rejection of claim 1. 

The fifth and sixth clauses of claim 65 recite: 

The pattern estimation step includes calculating a predetermined estimation value 
according to a degree of correspondence of the access requests to the illegal 
access patterns stored in the illegal pattern database; and 
the pattern determination step includes comparing the estimation value calculated 
in the pattern estimation step with a predetermined threshold value, and 
determining whether the access request is to be transmitted to the server. 

Neither Howard nor Carter teach, disclose, or suggest calculating "a predetermined 
estimation value according to a degree of correspondence of the access request and the illegal 
access patterns stored in the illegal pattern database/' or comparing M the estimation value 
calculated by the pattern estimation unit with a predetermined threshold value," to "determine 
whether the access request is to be transmitted to the server," as discussed above with respect 
to the rejection of claim 1 . Thus, even if Howard and Carter were combined as proposed in the 
Office Action, claim 65 would not result. Claim 65 is submitted to be allowable for at feast those 
reasons discussed above with respect to the rejection of claim 1 . Withdrawal of the rejection of 
claim 65 is earnestly solicited. 

Claim 66: 

The fourth clause of claim 66 recites: 

Estimating legality of an access request based on the illegal access patterns 
referred to and on a predetermined pattern estimation rule. 

Neither Howard nor Carter teach, disclose, or suggest "estimating legality of an access request 
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based on the illegal access patterns referred to and on a predetermined pattern estimation rule," 
as discussed above with respect to the rejection of claim 1 . 

The fifth clause of claim 66 recites: 

Determining whether the access request is to be transmitted to the server based 
on the estimate of the legality of the access request. 

Neither Howard nor Carter teach, disclose, or suggest "determining whether the access 
request is to be transmitted to the server based on the estimate of the legality of the access 
request," as also discussed above with respect to the rejection of claim 1 . 

The sixth and seventh clauses of claim 66 recite: 

The estimating includes calculating a predetermined estimation value according 
to a degree of correspondence of the access request to the pattern of illegal 
access stored in the illegal pattern database; and 
the determining includes comparing the estimation value calculated in the 
estimating with a predetermined threshold value, and determining whether the 
access request is to be transmitted to the server. 

Neither Howard nor Carter teach, disclose, or suggest calculating "a predetermined estimation 
value according to a degree of correspondence of the access request and the illegal access 
patterns stored in the illegal pattern database/' or comparing "the estimation value calculated by 
the pattern estimation unit with a predetermined threshold value," to ''determine whether the 
access request is to be transmitted to the server," as discussed above with respect to the 
rejection of claim 1 Thus, even if Howard and Carter were combined as proposed in the Office 
Action, claim 66 would not result. Claim 66 is submitted to be allowable for at least those 
reasons discussed above with respect to the rejection of claim 1 . Withdrawal of the rejection of 
claim 66 is earnestly solicited. 

Claim 67: 

The second clause of claim 67 recites: 

Estimating a legality of an access request based on an illegal access pattern 
stored in an illegal pattern database and on a predetermined pattern estimation 
rule. 

Howard neither teaches, discloses, nor suggests "estimating a legality of an access request 
based on an illegal access pattern stored in an illegal pattern database and on a predetermined 
pattern estimation rule," as discussed above with respect to the rejection of claim 1 

The third clause of claim 67 recites: 
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Determining whether the access request is to be abandoned based on the 
estimate of the legality of the access request. 

Howard neither teaches, discloses, nor suggests "determining whether the access request is to 
be transmitted to the server based on the estimate of the legality of the access request," as 
recited in claim 67. Howard, rather, denies requests associated with input strings having an 
attack pattern, as discussed above with respect to the rejection of claim 1 . 

The fourth and fifth clauses of claim 67 recite: 

The estimating includes calculating a predetermined estimation value according 
to a degree of correspondence of the access request to the pattern of illegal 
access stored in the illegal pattern database; and 

the determining includes comparing the estimation value to a predetermined 
threshold value, and determining whether the access request is to be abandoned. 

Neither Howard nor Carter teach, disclose, or suggest calculating M a predetermined estimation 
value according to a degree of correspondence of the access request and the illegal access 
patterns stored in the illegal pattern database," or comparing "the estimation value calculated by 
the pattern estimation unit with a predetermined threshold value/' to "determine whether the 
access request is to be transmitted to the server," as discussed above with respect to the 
rejection of claim 1 . Thus, even if Howard and Carter were combined as proposed in the Office 
Action, claim 67 would not result Claim 67 is submitted to be allowable for at least those 
reasons discussed above with respect to the rejection of claim 1 . Withdrawal of the rejection of 
claim 67 is earnestly solicited. 

Claims 31 , 32, 63, and 64: 

Claims 31, 32, 63, and 64 were rejected under 35 US.C. § 103 as being unpatentable 
over Howard and Carter, and further in view of US 6,535,855 to Cahill etaL {hereinafter "Cahill"), 
The rejection is traversed. Reconsideration is earnestly solicited. 

Claims 31 and 32 depend from claim 1 and add further distinguishing elements. Neither 
Howard nor Carter teach, disclose, or suggest "a pattern estimation unit which estimates legality 
of an access request based on the illegal access patterns stored in the illegal pattern database 
and on a predetermined pattern estimation rule," or "a transmission unit which controls 
transmission of the access request based on the determination result of the pattern 
determination unit so as to transmit the access request to the server when the access request is 
estimated to be legal," as discussed above. 

Cahill does not either, and thus cannot make up for this deficiency of Howard and Carter 
with respect to claims 31 and 32. Thus, even if Howard, Carter and Cahill were combined, as 
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proposed in the Office Action, the claimed invention would not result. 

Finally, the Office Action provides no motivation or suggestion to combine the teachings 
of Howard, Carter and Cahil! as required by 35 US.C. § 103(a) and the M.P.E.P. §706.02(j)(D) T 
beyond an assertion that "(o)ne of ordinary skill in the art at the time of the invention would have 
been motivated to make the above mentioned modifications for the reasons discussed in Carter, 
Paragraph [0026]". 

In paragraph [0026], however, while Carter opines that monitoring and protecting network 
communication over the Internet is a major purpose of network surveillance and security 
systems, Carter fails to mention any reason at all to include a pattern estimation unit which 
estimates legality of an access request based on the illegal access patterns stored in the illegal 
pattern database, as recited in claim 1 . Thus, even if persons of ordinary skill in the art would 
have been motivated by paragraph [0026] of Carter at the time of the invention, there is no 
reason to believe the claimed invention would be at all the result Claims 31 and 32 are thus 
also submitted to be allowable. Withdrawal of the rejection of claims 31 and 32 is earnestly 
solicited. 

Claims 63 and 64: 

Claims 63 and 64 depend from claim 33 and add further distinguishing elements, 
Neither Howard nor Carter teach, disclose, or suggest " c< a pattern estimation unit which 
estimates legality of an access request based on the illegal access patterns stored in the illegal 
pattern database and on a predetermined pattern estimation rule," or ''controlling transmission of 
the access request based on determination result of the pattern determination step so as to 
transmit the access request to the server when the access request is estimated to be legal, 1 ' as 
discussed above. 

Cahili does not either, and thus cannot make up for this deficiency of Howard and Carter 
with respect to claims 63 and 64. Thus, even if Howard, Carter and Cahili were combined, as 
proposed in the Office Action, the claimed invention would not result 

Finally, the Office Action provides no motivation or suggestion to combine the teachings 
of Fuh, Carter and Cahili as required by 35 U.S.C, § 103(a) and the M.P.E.P. §706.02{j)(D), 
beyond an assertion that "(o)ne of ordinary skill in the art at the time of the invention would have 
been motivated to make the above mentioned modifications for the reasons discussed in Carter, 
Paragraph [0026]\ as discussed above. Claims 63 and 64 are submitted to be allowable. 
Withdrawal of the rejection of claims 63 and 64 is earnestly solicited. 
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Claims 20. 21.52 and 53: 

Claims 20, 21 , 52 and 53 were rejected under 35 U.S.C. § 1 03 as being unpatentable 
over Howard in view of US Patent Application Publication 2002/0165894 to Kashani et al. 
(hereinafter "Kashani") and US Patent Application Publication 2003/0135555 to Birrel et al 
(hereinafter "Birrer). The rejection is traversed to the extent it might apply to the claims as 
amended. Reconsideration is earnestly solicited. 

Claims 20 and 21 depend from claim 1 and add further distinguishing elements. Howard 
neither teaches, discloses, nor suggests "a pattern estimation unit which estimates legality of an 
access request based on the illegal access patterns stored in the illegal pattern database and on 
a predetermined pattern estimation rule," or "a transmission unit which controls transmission of 
the access request based on the determination result of the pattern determination unit so as to 
transmit the access request to the server when the access request is estimated to be legal," as 
discussed above with respect to the rejection of claim 1, 

The Office Action acknowledges in section 10, at page 5, that ''Howard does not explicitly 
teach of wherein the pattern estimation unit calculates a predetermined estimation value 
according../' as recited in claim 1, from which claims 20 and 21 depend. Neither Kashani nor 
Birrel do not either, and thus cannot make up for this deficiency of Howard with respect to claims 
20 and 21 . Thus, even if Howard, Kashani and Birrel were combined as proposed in the Office 
Action, the claimed invention would not result. Claims 20 and 21 are submitted to be allowable. 
Withdrawal of the rejection of claims 20 and 21 is earnestly solicited. 

Claims 52 and 53: 

Claims 52 and 53 depend from claim 33 and add further distinguishing elements. 
Howard neither teaches, discloses, nor suggests *a pattern estimation unit which estimates 
legality of an access request based on the illegal access patterns stored in the illegal pattern 
database and on a predetermined pattern estimation rule," or "controlling transmission of the 
access request based on determination result of the pattern determination step so as to transmit 
the access request to the server when the access request is estimated to be legal," as 
discussed above with respect to the rejection of claim 33. 

The Office Action acknowledges in section 10, at page 5, that "Howard does not explicitly 
teach of wherein the pattern estimation unit calculates a predetermined estimation value 
according... 1 ' Neither Kashani nor Birrel do not either, and thus cannot make up for this 
deficiency of Howard with respect to claims 52 and 53. Thus, even if Howard, Kashani and Birrel 
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were combined as proposed in the Office Action, the claimed invention would not result. Claims 
52 and 53 are submitted to be allowable. Withdrawal of the rejection of claims 52 and 53 is 
earnestly solicited. 

Claims 22-25 and 54-57: 

Claims 22-25 and 54-57 were rejected under 35 U.S.C. § 103 as being unpatentable over 
Howard in view of Carter and Kashani. The rejection is traversed. Reconsideration is earnestly 
solicited. 

Claims 22-25 depend from claim 1 and add further distinguishing elements. Howard 
neither teaches, discloses, nor suggests "a pattern estimation unit which estimates legality of an 
access request based on the illegal access patterns stored in the illegal pattern database and on 
a predetermined pattern estimation rule," or "a transmission unit which controls transmission of 
the access request based on the determination result of the pattern determination unit so as to 
transmit the access request to the server when the access request is estimated to be legal/' as 
discussed above with respect to the rejection of claim 1 . 

Neither Carter nor Kashani do either, and thus cannot make up for this deficiency of 
Howard with respect to claims 22-25. Thus, even if Howard, Carter and Kashani were combined 
as proposed in the Office Action, the claimed invention would not result Claims 22-25 are 
submitted to be allowable. Withdrawal of the rejection of claims 22-25 is earnestly solicited. 

Ciaims 54-57: 

Claims 54-57 depend from claim 33 and add further distinguishing elements. 

Howard neither teaches, discloses, nor suggests "a pattern estimation unit which 
estimates legality of an access request based on the illegal access patterns stored in the illegal 
pattern database and on a predetermined pattern estimation rule," or "controlling transmission of 
the access request based on determination result of the pattern determination step so as to 
transmit the access request to the server when the access request is estimated to be legaf," as 
discussed above with respect to the rejection of claim 33. Neither Carter nor Kashani do either, 
and thus cannot make up for this deficiency of Howard with respect to claims 54-57. Thus, even 
if Howard, Carter and Kashani were combined as proposed in the Office Action, the claimed 
invention would not result. Claims 54-57 are submitted to be allowable. Withdrawal of the 
rejection of ciaims 54-57 is earnestly solicited. 
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Conclusion: 

Accordingly, in view of the reasons given above, it is submitted that all of claims 1,2,4, 
6-34, 36, and 38-67 are allowable over the cited references. Allowance of all claims 1,2,4, 6- 
34, 36, and 38-67 and of this entire application is therefore respectfully requested. 

Finally, if there are any formal matters remaining after this response, the Examiner is 
requested to telephone the undersigned to attend to these matters. 

If there are any additional fees associated with filing of this Amendment, please charge 
the same to our Deposit Account No, 19-3935. 




Respectfully submitted 



Registration No. 37,889 



1201 New York Avenue, NW, 7th Floor 
Washington, D,C, 20005 
Telephone; (202)434-1500 
Facsimile: (202)434-1501 
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